ed25519 0.1.0 → 1.0.0

data/ext/ed25519_ref10/sha512.h

@@ -0,0 +1,8 @@
+#ifndef SHA512_H
+#define SHA512_H
+
+#include <stdint.h>
+
+int crypto_hash_sha512(uint8_t *out,const uint8_t *in,uint64_t inlen);
+
+#endif /* SHA512_H */

data/ext/ed25519_ref10/sign.c

@@ -0,0 +1,41 @@
+#include <string.h>
+#include "ed25519_ref10.h"
+#include "sha512.h"
+#include "ge.h"
+#include "sc.h"
+
+int crypto_sign_ed25519_ref10(
+  uint8_t *sm, uint64_t *smlen,
+  const uint8_t *m, uint64_t mlen,
+  const uint8_t *sk
+)
+{
+  unsigned char pk[32];
+  unsigned char az[64];
+  unsigned char nonce[64];
+  unsigned char hram[64];
+  ge_p3 R;
+
+  memmove(pk,sk + 32,32);
+
+  crypto_hash_sha512(az,sk,32);
+  az[0] &= 248;
+  az[31] &= 63;
+  az[31] |= 64;
+
+  *smlen = mlen + 64;
+  memmove(sm + 64,m,mlen);
+  memmove(sm + 32,az + 32,32);
+  crypto_hash_sha512(nonce,sm + 32,mlen + 32);
+  memmove(sm + 32,pk,32);
+
+  sc_reduce(nonce);
+  ge_scalarmult_base(&R,nonce);
+  ge_p3_tobytes(sm,&R);
+
+  crypto_hash_sha512(hram,sm,mlen + 64);
+  sc_reduce(hram);
+  sc_muladd(sm + 32,hram,az,nonce);
+
+  return 0;
+}

data/ext/ed25519_ref10/sqrtm1.h

@@ -0,0 +1 @@
+-32595792,-7943725,9377950,3500415,12389472,-272473,-25146209,-2005654,326686,11406482

data/ext/{ed25519 → ed25519_ref10}/verify.c

@@ -1,6 +1,6 @@
-#include "crypto_verify_32.h"
+#include "ed25519_ref10.h"
 
-int crypto_verify_32(const unsigned char *x,const unsigned char *y)
+int crypto_verify_32(const uint8_t *x,const uint8_t *y)
 {
   unsigned int differentbits = 0;
 #define F(i) differentbits |= x[i] ^ y[i];

data/lib/ed25519.rb

@@ -1,21 +1,42 @@
 # frozen_string_literal: true
 
 require "ed25519/version"
-require "ed25519_engine"
-require "ed25519/jruby_engine" if defined? JRUBY_VERSION
 require "ed25519/signing_key"
 require "ed25519/verify_key"
 
 # The Ed25519 digital signatre algorithm
 # rubocop:disable Metrics/LineLength
 module Ed25519
-  SECRET_KEY_BYTES = 32
-  PUBLIC_KEY_BYTES = 32
-  SIGNATURE_BYTES  = 64
+  module_function
 
-  class SelfTestFailure < StandardError; end
+  # Size of an Ed25519 key (public or private) in bytes
+  KEY_SIZE = 32
 
-  def self.test
+  # Size of an Ed25519 signature in bytes
+  SIGNATURE_SIZE = 64
+
+  # Raised when a signature fails to verify
+  VerifyError = Class.new(StandardError)
+
+  # Raised when the built-in self-test fails
+  SelfTestFailure = Class.new(StandardError)
+
+  # Select the Ed25519::Provider to use based on the current environment
+  if defined? JRUBY_VERSION
+    require "ed25519/provider/jruby"
+    @provider = Ed25519::Provider::JRuby
+  else
+    require "ed25519_ref10"
+    @provider = Ed25519::Provider::Ref10
+  end
+
+  # Selected provider based on the logic above
+  def provider
+    @provider
+  end
+
+  # Perform a self-test to ensure the selected provider is working
+  def self_test
     signature_key = Ed25519::SigningKey.new("A" * 32)
     raise SelfTestFailure, "failed to generate verify key correctly" unless signature_key.verify_key.to_bytes.unpack("H*").first == "db995fe25169d141cab9bbba92baa01f9f2e1ece7df4cb2ac05190f37fcc1f9d"
 
@@ -27,8 +48,18 @@ module Ed25519
     raise SelfTestFailure, "failed to verify a valid signature" unless verify_key.verify(signature, message)
 
     bad_signature = signature[0...63] + "X"
-    raise SelfTestFailure, "failed to detect an invalid signature" unless verify_key.verify(bad_signature, message) == false
+    ex = nil
+
+    # rubocop:disable Lint/HandleExceptions
+    begin
+      verify_key.verify(bad_signature, message)
+    rescue Ed25519::VerifyError => ex
+    end
+    # rubocop:enable Lint/HandleExceptions
+
+    raise SelfTestFailure, "failed to detect an invalid signature" unless ex.is_a?(Ed25519::VerifyError)
   end
 end
 
-Ed25519.test
+# Automatically run self-test when library loads
+Ed25519.self_test

data/lib/ed25519/provider/jruby.rb

@@ -0,0 +1,39 @@
+# frozen_string_literal: true
+
+require "java"
+require "ed25519_java"
+
+module Ed25519
+  module Provider
+    # Binding between the JRuby extension and the Ed25519::Provider API
+    #
+    # TODO: implement the Ed25519::Provider API natively in the Java extension
+    module JRuby
+      module_function
+
+      def create_keypair(seed)
+        raise ArgumentError, "seed must be #{KEY_SIZE}-bytes long" unless seed.length == Ed25519::KEY_SIZE
+
+        verify_key = org.cryptosphere.ed25519.publickey(seed.to_java_bytes)
+        verify_key = String.from_java_bytes(verify_key)
+        seed + verify_key
+      end
+
+      def sign(signing_key, message)
+        verify_key  = signing_key[32, 32].to_java_bytes
+        signing_key = signing_key[0, 32].to_java_bytes
+
+        signature = org.cryptosphere.ed25519.signature(message.to_java_bytes, signing_key, verify_key)
+        String.from_java_bytes(signature)
+      end
+
+      def verify(verify_key, signature, message)
+        org.cryptosphere.ed25519.checkvalid(
+          signature.to_java_bytes,
+          message.to_java_bytes,
+          verify_key.to_java_bytes
+        )
+      end
+    end
+  end
+end

data/lib/ed25519/signing_key.rb

@@ -5,22 +5,26 @@ require "securerandom"
 module Ed25519
   # Private key for producing digital signatures
   class SigningKey
-    attr_reader :verify_key
+    attr_reader :seed, :keypair, :verify_key
 
+    # Generate a random Ed25519 signing key (i.e. private scalar)
     def self.generate
-      new SecureRandom.random_bytes(Ed25519::SECRET_KEY_BYTES)
+      new SecureRandom.random_bytes(Ed25519::KEY_SIZE)
     end
 
+    # Create a new Ed25519::SigningKey from the given seed value
+    #
+    # @param seed [String] 32-byte seed value from which the key should be derived
     def initialize(seed)
-      raise ArgumentError, "seed must be 32 bytes long" unless seed.length == SECRET_KEY_BYTES
+      raise ArgumentError, "seed must be #{KEY_SIZE}-bytes long" unless seed.length == KEY_SIZE
       @seed = seed
 
-      verify_key, @signing_key = Ed25519::Engine.create_keypair(seed)
-      @verify_key = VerifyKey.new(verify_key)
+      @keypair = Ed25519.provider.create_keypair(seed)
+      @verify_key = VerifyKey.new(@keypair[32, 32])
     end
 
     def sign(message)
-      Ed25519::Engine.sign(@signing_key, message)
+      Ed25519.provider.sign(@keypair, message)
     end
 
     def inspect
@@ -28,7 +32,7 @@ module Ed25519
     end
 
     def to_bytes
-      @seed
+      seed
     end
     alias to_str to_bytes
   end

data/lib/ed25519/verify_key.rb

@@ -3,26 +3,42 @@
 module Ed25519
   # Public key for verifying digital signatures
   class VerifyKey
+    # Create a Ed25519::VerifyKey from its serialized Twisted Edwards representation
+    #
+    # @param key [String] 32-byte string representing a serialized public key
     def initialize(key)
-      raise ArgumentError, "seed must be 32 bytes long" unless key.length == PUBLIC_KEY_BYTES
-      @key = key
+      raise ArgumentError, "seed must be 32 bytes long" unless key.length == KEY_SIZE
+      @key_bytes = key
     end
 
+    # Verify an Ed25519 signature against the message
+    #
+    # @param signature [String] 64-byte string containing an Ed25519 signature
+    # @param message [String] string containing message to be verified
+    #
+    # @raise Ed25519::VerifyError signature verification failed
+    #
+    # @return [true] message verified successfully
     def verify(signature, message)
-      if signature.length != SIGNATURE_BYTES
-        raise ArgumentError, "expected #{SIGNATURE_BYTES} byte signature, got #{signature.length}"
+      if signature.length != SIGNATURE_SIZE
+        raise ArgumentError, "expected #{SIGNATURE_SIZE} byte signature, got #{signature.length}"
       end
 
-      Ed25519::Engine.verify(@key, signature, message)
-    end
-
-    def inspect
-      to_s
+      return true if Ed25519.provider.verify(@key_bytes, signature, message)
+      raise VerifyError, "signature verification failed!"
     end
 
+    # Return a compressed twisted Edwards coordinate representing the public key
+    #
+    # @return [String] bytestring serialization of this public key
     def to_bytes
-      @key
+      @key_bytes
     end
     alias to_str to_bytes
+
+    # Show hex representation of serialized coordinate in string inspection
+    def inspect
+      "#<#{self.class}:#{@key_bytes.unpack('H*').first}>"
+    end
   end
 end

data/lib/ed25519/version.rb

@@ -1,5 +1,5 @@
 # frozen_string_literal: true
 
 module Ed25519
-  VERSION = "0.1.0"
+  VERSION = "1.0.0"
 end

metadata

@@ -1,14 +1,14 @@
 --- !ruby/object:Gem::Specification
 name: ed25519
 version: !ruby/object:Gem::Version
-  version: 0.1.0
+  version: 1.0.0
 platform: ruby
 authors:
 - Tony Arcieri
 autorequire: 
 bindir: exe
 cert_chain: []
-date: 2017-12-11 00:00:00.000000000 Z
+date: 2017-12-13 00:00:00.000000000 Z
 dependencies:
 - !ruby/object:Gem::Dependency
   name: bundler
@@ -30,7 +30,7 @@ email:
 - tony.arcieri@gmail.com
 executables: []
 extensions:
-- ext/ed25519/extconf.rb
+- ext/ed25519_ref10/extconf.rb
 extra_rdoc_files: []
 files:
 - ".gitignore"
@@ -45,33 +45,73 @@ files:
 - Rakefile
 - ed25519.gemspec
 - ed25519.png
-- ext/ed25519/api.h
-- ext/ed25519/crypto_int32.h
-- ext/ed25519/crypto_sign.h
-- ext/ed25519/crypto_uint32.h
-- ext/ed25519/crypto_verify_32.h
-- ext/ed25519/ed25519.c
-- ext/ed25519/ed25519_engine.c
-- ext/ed25519/extconf.rb
-- ext/ed25519/fe25519.c
-- ext/ed25519/fe25519.h
-- ext/ed25519/ge25519.c
-- ext/ed25519/ge25519.h
-- ext/ed25519/ge25519_base.data
-- ext/ed25519/org/cryptosphere/ed25519.java
-- ext/ed25519/sc25519.c
-- ext/ed25519/sc25519.h
-- ext/ed25519/sha512-blocks.c
-- ext/ed25519/sha512-hash.c
-- ext/ed25519/sha512.h
-- ext/ed25519/verify.c
+- ext/ed25519_java/org/cryptosphere/ed25519.java
+- ext/ed25519_ref10/api.h
+- ext/ed25519_ref10/base.h
+- ext/ed25519_ref10/base2.h
+- ext/ed25519_ref10/d.h
+- ext/ed25519_ref10/d2.h
+- ext/ed25519_ref10/ed25519_ref10.c
+- ext/ed25519_ref10/ed25519_ref10.h
+- ext/ed25519_ref10/extconf.rb
+- ext/ed25519_ref10/fe.h
+- ext/ed25519_ref10/fe_0.c
+- ext/ed25519_ref10/fe_1.c
+- ext/ed25519_ref10/fe_add.c
+- ext/ed25519_ref10/fe_cmov.c
+- ext/ed25519_ref10/fe_copy.c
+- ext/ed25519_ref10/fe_frombytes.c
+- ext/ed25519_ref10/fe_invert.c
+- ext/ed25519_ref10/fe_isnegative.c
+- ext/ed25519_ref10/fe_isnonzero.c
+- ext/ed25519_ref10/fe_mul.c
+- ext/ed25519_ref10/fe_neg.c
+- ext/ed25519_ref10/fe_pow22523.c
+- ext/ed25519_ref10/fe_sq.c
+- ext/ed25519_ref10/fe_sq2.c
+- ext/ed25519_ref10/fe_sub.c
+- ext/ed25519_ref10/fe_tobytes.c
+- ext/ed25519_ref10/ge.h
+- ext/ed25519_ref10/ge_add.c
+- ext/ed25519_ref10/ge_add.h
+- ext/ed25519_ref10/ge_double_scalarmult.c
+- ext/ed25519_ref10/ge_frombytes.c
+- ext/ed25519_ref10/ge_madd.c
+- ext/ed25519_ref10/ge_madd.h
+- ext/ed25519_ref10/ge_msub.c
+- ext/ed25519_ref10/ge_msub.h
+- ext/ed25519_ref10/ge_p1p1_to_p2.c
+- ext/ed25519_ref10/ge_p1p1_to_p3.c
+- ext/ed25519_ref10/ge_p2_0.c
+- ext/ed25519_ref10/ge_p2_dbl.c
+- ext/ed25519_ref10/ge_p2_dbl.h
+- ext/ed25519_ref10/ge_p3_0.c
+- ext/ed25519_ref10/ge_p3_dbl.c
+- ext/ed25519_ref10/ge_p3_to_cached.c
+- ext/ed25519_ref10/ge_p3_to_p2.c
+- ext/ed25519_ref10/ge_p3_tobytes.c
+- ext/ed25519_ref10/ge_precomp_0.c
+- ext/ed25519_ref10/ge_scalarmult_base.c
+- ext/ed25519_ref10/ge_sub.c
+- ext/ed25519_ref10/ge_sub.h
+- ext/ed25519_ref10/ge_tobytes.c
+- ext/ed25519_ref10/keypair.c
+- ext/ed25519_ref10/open.c
+- ext/ed25519_ref10/pow22523.h
+- ext/ed25519_ref10/pow225521.h
+- ext/ed25519_ref10/sc.h
+- ext/ed25519_ref10/sc_muladd.c
+- ext/ed25519_ref10/sc_reduce.c
+- ext/ed25519_ref10/sha512.c
+- ext/ed25519_ref10/sha512.h
+- ext/ed25519_ref10/sign.c
+- ext/ed25519_ref10/sqrtm1.h
+- ext/ed25519_ref10/verify.c
 - lib/ed25519.rb
-- lib/ed25519/jruby_engine.rb
+- lib/ed25519/provider/jruby.rb
 - lib/ed25519/signing_key.rb
 - lib/ed25519/verify_key.rb
 - lib/ed25519/version.rb
-- tasks/extension.rake
-- tasks/rspec.rake
 homepage: https://github.com/cryptosphere/ed25519
 licenses: []
 metadata: {}

data/ext/ed25519/crypto_int32.h

@@ -1,6 +0,0 @@
-#ifndef crypto_int32_h
-#define crypto_int32_h
-
-typedef int crypto_int32;
-
-#endif

data/ext/ed25519/crypto_sign.h

@@ -1,13 +0,0 @@
-#ifndef crypto_sign_edwards25519sha512batch_H
-#define crypto_sign_edwards25519sha512batch_H
-
-#define SECRETKEYBYTES 64
-#define PUBLICKEYBYTES 32
-#define SIGNATUREBYTES 64
-
-extern int crypto_sign(unsigned char *,unsigned long long *,const unsigned char *,unsigned long long,const unsigned char *);
-extern int crypto_sign_open(unsigned char *,unsigned long long *,const unsigned char *,unsigned long long,const unsigned char *);
-extern int crypto_sign_keypair(unsigned char *,unsigned char *);
-extern int crypto_sign_publickey(unsigned char *pk, unsigned char *sk, unsigned char *seed);
-
-#endif

data/ext/ed25519/crypto_uint32.h

@@ -1,6 +0,0 @@
-#ifndef crypto_uint32_h
-#define crypto_uint32_h
-
-typedef unsigned int crypto_uint32;
-
-#endif

data/ext/ed25519/crypto_verify_32.h

@@ -1,7 +0,0 @@
-#ifndef crypto_verify_32_H
-#define crypto_verify_32_H
-
-#define crypto_verify_32_ref_BYTES 32
-extern int crypto_verify_32(const unsigned char *,const unsigned char *);
-
-#endif

data/ext/ed25519/ed25519.c

@@ -1,136 +0,0 @@
-#include "crypto_sign.h"
-
-#include "crypto_verify_32.h"
-#include "sha512.h"
-
-#include "ge25519.h"
-
-static void get_hram(unsigned char *hram, const unsigned char *sm, const unsigned char *pk, unsigned char *playground, unsigned long long smlen)
-{
-  unsigned long long i;
-
-  for (i =  0;i < 32;++i)    playground[i] = sm[i];
-  for (i = 32;i < 64;++i)    playground[i] = pk[i-32];
-  for (i = 64;i < smlen;++i) playground[i] = sm[i];
-
-  crypto_hash_sha512(hram,playground,smlen);
-}
-
-
-int crypto_sign_publickey(
-    unsigned char *pk,  // write 32 bytes into this
-    unsigned char *sk,  // write 64 bytes into this (seed+pubkey)
-    unsigned char *seed // 32 bytes
-    )
-{
-  sc25519 scsk;
-  ge25519 gepk;
-  int i;
-
-  crypto_hash_sha512(sk, seed, 32);
-  sk[0] &= 248;
-  sk[31] &= 127;
-  sk[31] |= 64;
-
-  sc25519_from32bytes(&scsk,sk);
-  
-  ge25519_scalarmult_base(&gepk, &scsk);
-  ge25519_pack(pk, &gepk);
-  for(i=0;i<32;i++)
-    sk[32 + i] = pk[i];
-  for(i=0;i<32;i++)
-    sk[i] = seed[i];
-  return 0;
-}
-
-int crypto_sign(
-    unsigned char *sm,unsigned long long *smlen,
-    const unsigned char *m,unsigned long long mlen,
-    const unsigned char *sk
-    )
-{
-  sc25519 sck, scs, scsk;
-  ge25519 ger;
-  unsigned char r[32];
-  unsigned char s[32];
-  unsigned char extsk[64];
-  unsigned long long i;
-  unsigned char hmg[crypto_hash_sha512_BYTES];
-  unsigned char hram[crypto_hash_sha512_BYTES];
-
-  crypto_hash_sha512(extsk, sk, 32);
-  extsk[0] &= 248;
-  extsk[31] &= 127;
-  extsk[31] |= 64;
-
-  *smlen = mlen+64;
-  for(i=0;i<mlen;i++)
-    sm[64 + i] = m[i];
-  for(i=0;i<32;i++)
-    sm[32 + i] = extsk[32+i];
-
-  crypto_hash_sha512(hmg, sm+32, mlen+32); /* Generate k as h(extsk[32],...,extsk[63],m) */
-
-  /* Computation of R */
-  sc25519_from64bytes(&sck, hmg);
-  ge25519_scalarmult_base(&ger, &sck);
-  ge25519_pack(r, &ger);
-  
-  /* Computation of s */
-  for(i=0;i<32;i++)
-    sm[i] = r[i];
-
-  get_hram(hram, sm, sk+32, sm, mlen+64);
-
-  sc25519_from64bytes(&scs, hram);
-  sc25519_from32bytes(&scsk, extsk);
-  sc25519_mul(&scs, &scs, &scsk);
-  
-  sc25519_add(&scs, &scs, &sck);
-
-  sc25519_to32bytes(s,&scs); /* cat s */
-  for(i=0;i<32;i++)
-    sm[32 + i] = s[i]; 
-
-  return 0;
-}
-
-int crypto_sign_open(
-    unsigned char *m,unsigned long long *mlen,
-    const unsigned char *sm,unsigned long long smlen,
-    const unsigned char *pk
-    )
-{
-  int i, ret;
-  unsigned char t2[32];
-  ge25519 get1, get2;
-  sc25519 schram, scs;
-  unsigned char hram[crypto_hash_sha512_BYTES];
-
-  if (ge25519_unpackneg_vartime(&get1, pk)) return -1;
-
-  get_hram(hram,sm,pk,m,smlen);
-
-  sc25519_from64bytes(&schram, hram);
-
-  sc25519_from32bytes(&scs, sm+32);
-
-  ge25519_double_scalarmult_vartime(&get2, &get1, &schram, &ge25519_base, &scs);
-  ge25519_pack(t2, &get2);
-
-  ret = crypto_verify_32(sm, t2);
-
-  if (!ret)
-  {
-    for(i=0;i<smlen-64;i++)
-      m[i] = sm[i + 64];
-    *mlen = smlen-64;
-  }
-  else
-  {
-    for(i=0;i<smlen-64;i++)
-      m[i] = 0;
-    *mlen = (unsigned long long) -1;
-  }
-  return ret;
-}